Banning employees from visiting social media sites, such as Facebook and Twitter at work isn’t a good idea, according to Ontario privacy commissioner Ann Cavoukian.

“I think it’s a mistake,” the privacy commissioner told ITBusiness.ca. “It’s like waving the proverbial red flag in front of your staff – it’s almost a challenge to them to find a way around it.”

Cavoukian said she completely understands why in today’s environment some businesses may favour an outright ban, but says such prohibitions are almost always counterproductive.

‘Blanket bans can backfire’

“Employees tend to re-route around a blog, go to another server, and find other ingenious ways of doing what they want to. And these rerouting efforts may actually be even more time consuming.”

The privacy commissioner’s remarks come in the wake of a study released by a U.K. firm Monday showing that people who use Facebook, Twitter and other social networks, while at work, extract a heavy cost on their employers.

Morse surveyed 1,460 office workers and found that 57 per cent browse social networking sites for personal use while in the office.

Those workers use social networks an average of 40 minutes a day at work, which adds up to a lost week each year, the survey found.

“The popularity of social networking sites such as Twitter and Facebook has grown considerably over the last couple of years,” said Philip Wicks, a consultant at Morse, in a statement.

“However with it has come the temptation to visit such sites during office hours [where their use] is clearly becoming a productivity black hole.”

Morse, which commissioned research firm TNS Group to do the study, isn’t alone in its findings.

Similar situations exist all over North America, notes Tim Hickernell, a lead analyst with Info-Tech Research Group in London, Ont. “We hear about it from our clients in Canada and the U.S., as well as the EU and Asia-Pacific.”

Hickernell recommends that Canadian firms treat access to public social networking sites the same way as Internet access using company equipment.

Personal use of such sites should be governed by company policy on use of company information, technology, equipment and services, said Hickernell.

“Most companies do have an explicit policy on Internet use, which covers most professional and knowledge workers. Additional policies may be needed for blue collar or production workers, if they have a process-driven job, which requires full attention.”

And access to social networking services through employee-owned cell phones also should be covered in a policy, the Info-Tech analyst said.

When firms decide to ban access to sites through the company firewall, he said, they need to create a procedure for exceptions.

According to Cavoukian, instead of a blanket ban on social media at work, Canadian firms would get better results by providing employees with solid guidance in this area, and creating a formal “social media policy” that’s communicated to staff.

She said the policy should specify what’s allowed and when, and should also be very clear about what employees are not permitted to convey through social media. “Obviously, confidential workplace information would fall under this head, regardless of the channel used.”

Firms can use their social media policy to reinforce messages their employees should be hearing anyway, the privacy commissioner said.

Such an approach, she said, builds up the profile of the employer in the eyes of staff. “You need to position this with your employees — that you’re being an enlightened employer by not banning social media outright, but creating clear usage guidelines.”

Cavoukian noted that IBM Corp. did this very successfully a couple of years ago. “They have a great model – and if a firm as large as IBM could do this, so can others.”

Apart from earning employee goodwill, many Canadian firms say there are other corporate advantages associated with a democratic social media policy.

Conversations with beer drinkers

Molson Canada, for example, sees great value in the “conversations with the customer” that their staff engages in on sites such as Facebook and Twitter.

“We’ve got 19 different Web sites, a community blog, a number of people on Twitter,” noted Ferg Devins, chief of PR, Molson Coors at last week’s MESH Marketing conference in Toronto. “We’ve also got Facebook sites across the country, [created by] many of our field personnel.”

This candid dialogue, he said, contributes big time to brand visibility.

He distinguished such conversations from one-way push marketing, that sometimes happens even on sites such as Facebook.

“So if there’s a Molson Canadian promotion that’s just pushing a message through, I wouldn’t consider that social media. But what is social media is if — as a brand — we engage in dialogue with drinkers on a Facebook page.”

Devins cited the example of the social media buzz surrounding Molson Canadian 67, the new low (67) calorie beer launched earlier this month.

For instance, on the Molson Canadian 67 fan page on Facebook several Molson staffers engaged users in conversations spanning a broad range of topics – from the kick off party, to the best food pairings for the beer, to calorie-conscious folk talking about their experience of engaging in a “non-guilty pleasure.”

But Info-Tech’s Hickernell says employee conversations about the company on social networking sites – even for business reasons – should be with company approval and oversight.

“Do [firms] let employees start up their own marketing campaigns through e-mail? Do they let employees start their own customer-facing service and support channel? Of course not.”

The analyst acknowledged that many employees are way ahead of the corporate leaders in understanding the potential these new technologies.

“So the company must charge someone with constantly scoping and analyzing new technologies for their customer value, so [they] can be appropriately integrated into company strategy.”

Even when employees engage in social networking for business reasons, security, privacy and other issues still need to be addressed, the Info-Tech analyst said.

“Social networking sites themselves do not make enterprise-ready administrative consoles. So management of user accounts for business is something IT has to create a procedure for.”

He noted that CRM vendors are starting to add some management layers here, such as plugging customer service social networking accounts into the call center agent’s desktop directly. “I expect this to continue within CRM.”

Overseeing personal sites – a no, no!

The analyst strongly cautions companies against overseeing employee content posted on personal accounts. “You cannot prove if it was updated using company or employee-owned equipment. If you think you have a problem, just block [the site].”

He said if a staff member posts confidential or otherwise embarrassing information about the company on a personal site, it isn’t an IT, but an HR issue. “It should be dealt with just like if an employee wrote a letter to the editor of a paper with the same information.” Such communication is inappropriate regardless of the channel, he noted.

Hickernell doesn’t see any merit at all in hiring outside services to monitor the Web for confidential data being posted to social networking sites. “It’s a horrible idea and a waste of money, but unfortunately some companies do this.”

Instead he recommends monitoring and filtering traffic at the firewall to protect the company from lawsuits relating to the creation of hostile workplace environments.